11 matches found
CVE-2018-25415
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Attackers can send GET requests to director.php with crafted SQL payloads in the director parameter to...
CVE-2019-25415
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspotpermanentusers endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to...
CVE-2026-25415 WordPress WPBookit Pro plugin <= 1.6.18 - Broken Access Control vulnerability
Missing Authorization vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPBookit Pro: from n/a through <= 1.6.18...
CVE-2023-25415
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration...
CVE-2021-25415
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable...
CVE-2024-25415
creationtimestamp | type | source
---|---|---
2024-02-16 03:22:05+00:00 | seen | https://t.me/ctinow/186095
2024-03-08 08:56:37+00:00 | seen | https://t.me/ctinow/203152
2024-04-12 06:52:54+00:00 | seen | https://t.me/arpsyndicate/4545
...
CVE-2024-25415
A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...
CVE-2024-25415
CVE-2024-25415 is an RCE affecting CE Phoenix v1.0.8.20 via /admin/define_language.php, enabling arbitrary PHP code execution by injecting a crafted payload into english.php. Multiple sources confirm the issue and link to public PoCs/exploits, with CVSS v3.1 scores: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:...
CVE-2023-25415
creationtimestamp | type | source
---|---|---
2023-04-12 00:29:41+00:00 | seen | https://t.me/cibsecurity/61942
...
CVE-2023-25415
CVE-2023-25415 affects Aten PE8108 with firmware version 2.4.232. The issue is Incorrect Access Control that permits unauthenticated access to the Event Notification configuration. According to the provided sources, the CVSS v3.1 base score is 5.3 (Network, Low attack complexity, None privileges,...
CVE-2021-25415
CVE-2021-25415 concerns Samsung Mobile’s RKP (kernel protection) before SMR JUN-2021 Release 1. The vulnerability stems from improper address validation, enabling a local attacker to remap EL2 memory as writable if EL1 is compromised. Documents identify the affected component as Samsung RKP and d...